Author: gd Date: 2006-05-16 14:29:39 +0000 (Tue, 16 May 2006) New Revision: 15634
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15634 Log: Prevent passwords of winbindd's list of credential caches from beeing swapped to disc using mlock(). (patch was reviewed by Jeremy). Guenther Modified: branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h trunk/source/configure.in trunk/source/nsswitch/winbindd.h trunk/source/nsswitch/winbindd_cred_cache.c trunk/source/nsswitch/winbindd_nss.h Changeset: Modified: branches/SAMBA_3_0/source/configure.in =================================================================== --- branches/SAMBA_3_0/source/configure.in 2006-05-16 13:26:49 UTC (rev 15633) +++ branches/SAMBA_3_0/source/configure.in 2006-05-16 14:29:39 UTC (rev 15634) @@ -1243,6 +1243,8 @@ AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) AC_CHECK_FUNCS(nanosleep) +AC_CHECK_FUNCS(mlock munlock mlockall munlockall) +AC_CHECK_HEADERS(sys/mman.h) # setbuffer, shmget, shm_open are needed for smbtorture AC_CHECK_FUNCS(setbuffer shmget shm_open) Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-05-16 13:26:49 UTC (rev 15633) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-05-16 14:29:39 UTC (rev 15634) @@ -33,6 +33,10 @@ #include "libnscd.h" #endif +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif + #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2006-05-16 13:26:49 UTC (rev 15633) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2006-05-16 14:29:39 UTC (rev 15634) @@ -74,6 +74,23 @@ if (strequal(entry->ccname, ccname)) { DLIST_REMOVE(ccache_list, entry); TALLOC_FREE(entry->event); /* unregisters events */ +#ifdef HAVE_MUNLOCK + if (entry->pass) { + size_t len = strlen(entry->pass)+1; +#ifdef DEBUG_PASSWORD + DEBUG(10,("unlocking memory: %p\n", entry->pass)); +#endif + memset(&(entry->pass), 0, len); + if ((munlock(&entry->pass, len)) == -1) { + DEBUG(0,("failed to munlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#ifdef DEBUG_PASSWORD + DEBUG(10,("munlocked memory: %p\n", entry->pass)); +#endif + } +#endif /* HAVE_MUNLOCK */ TALLOC_FREE(entry); DEBUG(10,("remove_ccache_by_ccname: removed ccache %s\n", ccname)); return NT_STATUS_OK; @@ -227,9 +244,31 @@ new_entry->service = talloc_strdup(mem_ctx, service); NT_STATUS_HAVE_NO_MEMORY(new_entry->service); } + if (schedule_refresh_event && pass) { +#ifdef HAVE_MLOCK + size_t len = strlen(pass)+1; + + new_entry->pass = TALLOC_ZERO(mem_ctx, len); + NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocking memory: %p\n", new_entry->pass)); +#endif + if ((mlock(new_entry->pass, len)) == -1) { + DEBUG(0,("failed to mlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocked memory: %p\n", new_entry->pass)); +#endif + memcpy(new_entry->pass, pass, len); +#else new_entry->pass = talloc_strdup(mem_ctx, pass); NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); +#endif /* HAVE_MLOCK */ } new_entry->create_time = create_time; @@ -261,6 +300,13 @@ NTSTATUS destroy_ccache_list(void) { +#ifdef HAVE_MUNLOCKALL + if ((munlockall()) == -1) { + DEBUG(0,("failed to unlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#endif /* HAVE_MUNLOCKALL */ return talloc_destroy(mem_ctx) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2006-05-16 13:26:49 UTC (rev 15633) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2006-05-16 14:29:39 UTC (rev 15634) @@ -394,7 +394,7 @@ const char *service; const char *username; const char *sid_string; - const char *pass; + char *pass; uid_t uid; time_t create_time; time_t renew_until; Modified: trunk/source/configure.in =================================================================== --- trunk/source/configure.in 2006-05-16 13:26:49 UTC (rev 15633) +++ trunk/source/configure.in 2006-05-16 14:29:39 UTC (rev 15634) @@ -1243,6 +1243,8 @@ AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) AC_CHECK_FUNCS(nanosleep) +AC_CHECK_FUNCS(mlock munlock mlockall munlockall) +AC_CHECK_HEADERS(sys/mman.h) # setbuffer, shmget, shm_open are needed for smbtorture AC_CHECK_FUNCS(setbuffer shmget shm_open) Modified: trunk/source/nsswitch/winbindd.h =================================================================== --- trunk/source/nsswitch/winbindd.h 2006-05-16 13:26:49 UTC (rev 15633) +++ trunk/source/nsswitch/winbindd.h 2006-05-16 14:29:39 UTC (rev 15634) @@ -33,6 +33,10 @@ #include "libnscd.h" #endif +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif + #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND Modified: trunk/source/nsswitch/winbindd_cred_cache.c =================================================================== --- trunk/source/nsswitch/winbindd_cred_cache.c 2006-05-16 13:26:49 UTC (rev 15633) +++ trunk/source/nsswitch/winbindd_cred_cache.c 2006-05-16 14:29:39 UTC (rev 15634) @@ -74,6 +74,23 @@ if (strequal(entry->ccname, ccname)) { DLIST_REMOVE(ccache_list, entry); TALLOC_FREE(entry->event); /* unregisters events */ +#ifdef HAVE_MUNLOCK + if (entry->pass) { + size_t len = strlen(entry->pass)+1; +#ifdef DEBUG_PASSWORD + DEBUG(10,("unlocking memory: %p\n", entry->pass)); +#endif + memset(&(entry->pass), 0, len); + if ((munlock(&entry->pass, len)) == -1) { + DEBUG(0,("failed to munlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#ifdef DEBUG_PASSWORD + DEBUG(10,("munlocked memory: %p\n", entry->pass)); +#endif + } +#endif /* HAVE_MUNLOCK */ TALLOC_FREE(entry); DEBUG(10,("remove_ccache_by_ccname: removed ccache %s\n", ccname)); return NT_STATUS_OK; @@ -227,9 +244,31 @@ new_entry->service = talloc_strdup(mem_ctx, service); NT_STATUS_HAVE_NO_MEMORY(new_entry->service); } + if (schedule_refresh_event && pass) { +#ifdef HAVE_MLOCK + size_t len = strlen(pass)+1; + + new_entry->pass = TALLOC_ZERO(mem_ctx, len); + NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocking memory: %p\n", new_entry->pass)); +#endif + if ((mlock(new_entry->pass, len)) == -1) { + DEBUG(0,("failed to mlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocked memory: %p\n", new_entry->pass)); +#endif + memcpy(new_entry->pass, pass, len); +#else new_entry->pass = talloc_strdup(mem_ctx, pass); NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); +#endif /* HAVE_MLOCK */ } new_entry->create_time = create_time; @@ -261,6 +300,13 @@ NTSTATUS destroy_ccache_list(void) { +#ifdef HAVE_MUNLOCKALL + if ((munlockall()) == -1) { + DEBUG(0,("failed to unlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#endif /* HAVE_MUNLOCKALL */ return talloc_destroy(mem_ctx) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } Modified: trunk/source/nsswitch/winbindd_nss.h =================================================================== --- trunk/source/nsswitch/winbindd_nss.h 2006-05-16 13:26:49 UTC (rev 15633) +++ trunk/source/nsswitch/winbindd_nss.h 2006-05-16 14:29:39 UTC (rev 15634) @@ -395,7 +395,7 @@ const char *service; const char *username; const char *sid_string; - const char *pass; + char *pass; uid_t uid; time_t create_time; time_t renew_until;